CVE-2008-3790

Priority
Description
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72,
and 1.9 allows context-dependent attackers to cause a denial of service
(CPU consumption) via an XML document with recursively nested entities, aka
an "XML entity explosion."
Notes
 jdstrand> PoC http://downloads.securityfocus.com/vulnerabilities/exploits/30802.rb
Assigned-to
jdstrand
Package
Upstream:released (1.8.7.72-1)
Package
Upstream:released (1.9.0.2-7)
More Information

Updated: 2019-03-19 11:46:57 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)